GMU officials ‘have no idea’ what hackers sought

By -
The Washington Times -
Tuesday, January 11, 2005

Officials at George Mason University, where hackers captured personal information about thousands of students and staff from the institution’s database, say it is not clear whether the hackers specifically were seeking the confidential files.

“We have no idea what they were looking for,” said Daniel Walsch, a GMU spokesman.

The hacking raises the fear that as many as 32,000 students, faculty and staff members connected to the university could become victims of identity fraud.

Mr. Walsch said a member of the school’s information technology unit discovered the security breach Jan. 3, but that the violation might have occurred as early as Nov. 4.

Law-enforcement authorities said yesterday that they think the hackers installed tools on the ID server that enabled them to access other servers at the school.

The authorities said the other computer systems might have been the real targets, but it could not be determined yesterday whether other programs might have been accessed.

GMU officials said there was no evidence that any personal information obtained from the IDserver had been used illegally.

Still, many students who wereon campus yesterday preparing for spring-semester classes said they were concerned.

Sara Fernandez, a sophomore from Arlington, said that even if the hackers were not trying to steal personal information, they might have pointed the way for copycats.

“Mason’s full of a lot of smart students,” she said. “If one person can do it, I’m sure someone can figure out how to do it again.”

Kia Kianersi, a communications majorfrom Fairfax, said he thought the university had tighter security for its server.

“We’re so close to Washington, D.C. I think our security would be [better] overall,” he said.

Robert Ricks, a 29-year-old computer science major and part-time university employee, said he was recently hired as a summer intern for a company in Reston and was worried there might be problems with his security clearance because his information was stolen.

Mr. Ricks said he called the TransUnion credit bureau yesterday to check his credit activity.